In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_ll: Fix firmware leak on error path
Smatch reports:
drivers/bluetooth/hci_ll.c:587 download_firmware() warn:
'fw' from request_firmware() not released on lines: 544.
In download_firmware(), if request_firmware() succeeds but the returned
firmware content is invalid (no data or zero size), the function returns
without releasing the firmware, resulting in a resource leak.
Fix this by calling release_firmware() before returning when
request_firmware() succeeded but the firmware content is invalid.
| Score | Percentile |
|---|---|
| 0.01% | 2.40% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 5.5 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-gmrr-4gfx-7vm5 ↗ |
| CVE | CVE-2026-43069 ↗ |
| CWE id | Name |
|---|---|
| CWE-401 | Missing Release of Memory after Effective Lifetime |